Govt should collaborate with private sector on DUA Bill: Experts

The UK is debating its new Data (Use and Access) Bill, a legislation that is supposed to pave the way for digital verification and digital identity products.

The value of these solutions to the UK economy could be as much as £700 million (US$890.9 million) a year, according to the Department for Science, Innovation and Technology. But to make it work, the government will need to collaborate more with the private sector and undertake research to understand public needs, experts said at a recent Westminster forum dedicated to digital identities.

“The government should do the bits that only the government can do – the [Digital Identity and Attributes Trust Framework], the top-level stuff,” says Tony Allen, executive director of the Age Check Certification Scheme (ACCS). “But it needs to work more collaboratively with the private sector to do the bits that the private sector can do better.”

One example are Nordic countries and Estonia which have seen much more of a private sector engagement, he adds.

The DUA Bill was introduced into the British Parliament in October. The bill will support the creation and adoption of trusted digital verification services from certified providers in the UK. These services will allow individuals and businesses to embrace secure digital identities, replacing physical documents.

The government is tasked with maintaining the Digital Identity and Attributes Trust Framework (DIATF), certifying digital ID services and issuing trust marks through the Office for Identities and Attributes, which kicked off a few weeks ago. The ACCS is one of the conformity assessment bodies appointed by the government to carry out the certification process.

“It’s all about building trust and confidence in the whole ecosystem,” says Allen. “And importantly, it’s about one trust framework provider being able to trust what another trust framework provider does so that they can share the digital identities and attributes without having to share the originating source of those.”

The DUA Bill was designed to replace the previous government’s failed Data Protection and Digital Information Bill, adding a few extra details that are supposed to make the legislation more effective. The Office for Digital Identities and Attributes will develop what is now called supplementary codes.

“The bill is also going to end up creating smart data schemes for open banking, open finance, home buying, energy, fuel, retail communications, etc. and digital identity will be underpinning all of those,” says Stephen Wright, head of Regulation and Standards at Bank of APIs, NatWest Group.

To create the supplementary codes, the Office will need to set up standards for interoperability between schemes and data sharing, he adds.

The DUA Bill does not set out all of the details on how digital identities are going to work. Instead, the Secretary of State will prepare a framework for establishing these services while consulting with the Information Commissioner, explains Nicola Fulford, partner at Hogan Lovells law firm.

The legislation also doesn’t analyze the users’ needs.

“There is possibly a disconnect between what we have in the bill and what the public really wants,” says Rachel Coldicutt, executive director at research company Careful Industries.

The firm conducted a survey in August this year, asking over 2,000 Brits about their attitudes towards digital IDs. The research showed that different demographics had different requirements and concerns. This means that we could be looking not at a universal market but a segmented one, Coldicutt adds.

The public, however, is generally favorable towards the idea. Almost 60 percent of survey takers said that there should be a single digital ID, while 19 percent said they were not sure.

Article Topics

Age Check Certification Scheme (ACCS)  |  Data (Use and Access) Bill (DUA)  |  data protection  |  digital identity  |  identity verification  |  legislation  |  public-private partnerships  |  UK